It's time to fix that.
Scopegate is a permission gateway between your AI agents and external services. Define granular scopes per agent, get a secure MCP endpoint, and log every action — in under 5 minutes.
of organizations experienced AI agent security incidents
of MCP servers are over-permissioned by default
of companies have any AI security controls in place
monthly MCP SDK downloads and growing 58× year-over-year
Sources: Gravitee State of AI Agent Security 2026 · Clutch Security · MCP Anniversary Blog · Noma Security
The problem
Authorization is evaluated against the agent's identity, not the requester's. Traditional security controls are insufficient for autonomous agents that reason instead of execute.
MCP servers request broad OAuth scopes with no mechanism to restrict what each individual AI agent can actually do. Agent A and Agent B both get full access — or nothing at all.
Who can tell you what your AI agent did at 3am? MCP has no standardized logging. If something goes wrong — a deletion, an unauthorized send — you have no way to reconstruct it.
When you need to cut off an agent, you're hunting through Google IAM, Slack settings, Notion, and GitHub separately. There's no single kill-switch that works across all services.
Agents quietly accumulate permissions as their scope expands. Integrations are added, roles change, teams come and go — but the agent's access remains.
— The Hacker News, “Who Approved This Agent?”
How it works
No Kubernetes. No enterprise procurement. No “contact sales” form. Just connect, configure, and ship.
One-click OAuth to connect Google Drive, Gmail, Calendar, Sheets, Slack, Notion, and more. No manual token management.
OAuth 2.0 · Auto token refresh · Encrypted at rest
Set exactly what each agent can do: read-only, specific folder paths, rate limits per service. Visual toggle matrix — no YAML required.
Per-agent · Per-service · Folder-level · Rate limits
A unique, scoped MCP endpoint URL is generated. Paste it into your agent config. The proxy handles enforcement, logging, and revocation.
Instant activation · Works with any MCP client · Audit trail live
Features
Every agent gets its own permission profile. Define exactly which services it can access, which scopes it has, and what it's rate-limited to. Not team-level. Not org-level. Per agent.
| Agent | Drive | Gmail | Calendar |
|---|---|---|---|
| sales-assistant | read /Sales | send-only | read |
| hr-bot | read /HR | — | read+write |
| dev-agent | — | — | — |
No Kubernetes. No Entra ID. No platform team. One OAuth click, one config line, one MCP URL. You're live.
One click. All services. The proxy stops forwarding immediately — no waiting for OAuth tokens to expire.
Every tool call logged: action, params, status, error, duration. Queryable, exportable, and retention-configurable.
Integrations
Each integration is a scoped MCP endpoint. Add a new service in seconds.
Don't see your service? Request an integration →
Pricing
Get started with one agent, no card needed.
For solo developers shipping production agents.
For teams with multiple agents and shared governance.
Custom limits, compliance, and dedicated support.
All plans include SSL encryption, 99.9% uptime SLA, and GDPR-compliant data handling.
Prefer to self-host? →
From the community
“I'm building an AI agent that helps users organize their Google Drive, but I'm terrified of the liability if the agent accidentally deletes something. I need to restrict it to read-only on specific folders — but there's no way to do that today.”
AI Agent Developer
Indie developer, shipped 3 agents
“I have 30 developers, and at least 20 of them have connected Claude Code to our Google Workspace. I have zero visibility into what these agents can access. Last week someone accidentally had their agent archive 200 emails.”
Engineering Manager
Series A SaaS company
“Every enterprise prospect asks: 'Can you limit what your AI agent sees?' Right now, our answer is 'sort of.' That's a deal-breaker for Fortune 500s. We lose deals over this every quarter.”
AI Startup CTO
B2B AI automation platform
Compiled from developer interviews, Hacker News threads, and Reddit discussions.
FAQ
MCP (Model Context Protocol) is Anthropic's open standard that lets AI agents call external tools — read files, send emails, query databases. By design, MCP servers request broad OAuth scopes with no built-in mechanism to restrict access per agent. Scopegate sits in front of your MCP servers and enforces fine-grained, per-agent permissions so each agent can only do exactly what it's supposed to.
OAuth scopes are binary: an app either has access or it doesn't. Scopegate adds a second layer on top: folder-level read restrictions within Google Drive, send-only Gmail (no read), calendar read-only per agent, rate limits per agent per service, and instant cross-service revocation without touching OAuth at all. You get granular control that OAuth alone can't provide.
Yes — Scopegate acts as a transparent proxy. Tool call requests from your agent route through our infrastructure, are checked against your permission policy, and forwarded to the target service. The response is returned to your agent. We log metadata (action, params, status, duration) but do not store the actual payload contents. Enterprise customers can opt for VPC deployment to keep all traffic within their own infrastructure.
Yes. The core Scopegate engine is open-source (MIT license) and available at github.com/alifanov/scopegate. You can run it yourself with no usage limits. Scopegate Cloud adds multi-tenancy, team management, SSO, compliance exports, and hosted reliability on top. Self-hosting documentation is at /docs/self-hosting.
Currently: Google Drive, Gmail, Google Calendar, Google Sheets, Slack, Notion, GitHub, Twitter/X, LinkedIn, Google Ads, and OpenRouter. We're adding new integrations every few weeks. Each integration is an MCP endpoint — if you need one that isn't listed, you can request it on GitHub or implement a custom connector using our SDK.
We are actively pursuing SOC 2 Type II certification (expected Q3 2026). Enterprise customers receive a copy of our security questionnaire responses, penetration test results, and data processing agreement. The audit log format is designed to support SOC 2 and EU AI Act Article 13 transparency requirements out of the box.
Still have questions? Email us →
No credit card required. No Kubernetes. No enterprise procurement.
Connect your first service and get a scoped MCP endpoint today.